debian-mirror-gitlab/doc/development/new_fe_guide/style/html.md

# HTML style guide

## Buttons

### Button type

Button tags requires a `type` attribute according to the [W3C HTML specification](https://www.w3.org/TR/2011/WD-html5-20110525/the-button-element.html#dom-button-type).

```html
// bad
<button></button>

// good
<button type="button"></button>
```

### Button role

If an HTML element has an `onClick` handler but is not a button, it should have `role="button"`. This is [more accessible](https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques/Using_the_button_role).

```html
// bad
<div onClick="doSomething"></div>

// good
<div role="button" onClick="doSomething"></div>
```

## Links

### Blank target

Use `rel="noopener noreferrer"` whenever your links open in a new window, i.e. `target="_blank"`. This prevents a security vulnerability [documented by JitBit](https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/).

```html
// bad
<a href="url" target="_blank"></a>

// good
<a href="url" target="_blank" rel="noopener noreferrer"></a>
```

### Fake links

**Do not use fake links.** Use a button tag if a link only invokes JavaScript click event handlers, which is more semantic.

```html
// bad
<a class="js-do-something" href="#"></a>

// good
<button class="js-do-something" type="button"></button>
```
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30			`# HTML style guide`

New upstream version 10.7.3+dfsg 2018-05-09 12:01:36 +05:30			`## Buttons`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`### Button type`
New upstream version 10.7.3+dfsg 2018-05-09 12:01:36 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			Button tags requires a `type` attribute according to the [W3C HTML specification](https://www.w3.org/TR/2011/WD-html5-20110525/the-button-element.html#dom-button-type).

			```html
New upstream version 10.7.3+dfsg 2018-05-09 12:01:36 +05:30			`// bad`
			`<button></button>`

			`// good`
			`<button type="button"></button>`
			```

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`### Button role`
New upstream version 11.10.4+dfsg 2019-05-18 00:54:41 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			If an HTML element has an `onClick` handler but is not a button, it should have `role="button"`. This is [more accessible](https://developer.mozilla.org/en-US/docs/Web/Accessibility/ARIA/ARIA_Techniques/Using_the_button_role).

			```html
New upstream version 10.7.3+dfsg 2018-05-09 12:01:36 +05:30			`// bad`
			`<div onClick="doSomething"></div>`

			`// good`
			`<div role="button" onClick="doSomething"></div>`
			```

			`## Links`

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`### Blank target`
New upstream version 11.10.4+dfsg 2019-05-18 00:54:41 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			Use `rel="noopener noreferrer"` whenever your links open in a new window, i.e. `target="_blank"`. This prevents a security vulnerability [documented by JitBit](https://www.jitbit.com/alexblog/256-targetblank---the-most-underestimated-vulnerability-ever/).

			```html
New upstream version 10.7.3+dfsg 2018-05-09 12:01:36 +05:30			`// bad`
			`<a href="url" target="_blank"></a>`

			`// good`
			`<a href="url" target="_blank" rel="noopener noreferrer"></a>`
			```

New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`### Fake links`
New upstream version 11.10.4+dfsg 2019-05-18 00:54:41 +05:30
New upstream version 11.10.8+dfsg 2019-07-07 11:18:12 +05:30			`Do not use fake links. Use a button tag if a link only invokes JavaScript click event handlers, which is more semantic.`

			```html
New upstream version 10.7.3+dfsg 2018-05-09 12:01:36 +05:30			`// bad`
			`<a class="js-do-something" href="#"></a>`

			`// good`
			`<button class="js-do-something" type="button"></button>`
			```